Diffstat (limited to 'vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/DefaultZtsClient.java')
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/DefaultZtsClient.java14
1 files changed, 14 insertions, 0 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/DefaultZtsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/DefaultZtsClient.java
index cf46cad57b1..21c8f4ddd31 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/DefaultZtsClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/DefaultZtsClient.java
@@ -13,6 +13,7 @@ import com.yahoo.vespa.athenz.api.NToken;
import com.yahoo.vespa.athenz.api.ZToken;
import com.yahoo.vespa.athenz.client.ErrorHandler;
import com.yahoo.vespa.athenz.client.common.ClientBase;
+import com.yahoo.vespa.athenz.client.zms.bindings.AccessResponseEntity;
import com.yahoo.vespa.athenz.client.zts.bindings.AccessTokenResponseEntity;
import com.yahoo.vespa.athenz.client.zts.bindings.AwsTemporaryCredentialsResponseEntity;
import com.yahoo.vespa.athenz.client.zts.bindings.IdentityRefreshRequestEntity;
@@ -221,6 +222,19 @@ public class DefaultZtsClient extends ClientBase implements ZtsClient {
});
}
+ @Override
+ public boolean hasAccess(AthenzResourceName resource, String action, AthenzIdentity identity) {
+ URI uri = ztsUrl.resolve(String.format("access/%s/%s?principal=%s",
+ action, resource.toResourceNameString(), identity.getFullName()));
+ HttpUriRequest request = RequestBuilder.get()
+ .setUri(uri)
+ .build();
+ return execute(request, response -> {
+ AccessResponseEntity result = readEntity(response, AccessResponseEntity.class);
+ return result.granted;
+ });
+ }
+
private InstanceIdentity getInstanceIdentity(HttpResponse response) throws IOException {
InstanceIdentityCredentials entity = readEntity(response, InstanceIdentityCredentials.class);
return entity.getServiceToken() != null
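Review bot: The request URI in `hasAccess` is assembled with `String.format` from `action`, `resource.toResourceNameString()` and `identity.getFullName()` with no encoding, so a value containing `?`, `&`, `#` or `/` can change which access check ZTS evaluates, and the returned boolean is then used as the authorization decision. Pass the principal through the builder instead, `.addParameter("principal", identity.getFullName())`, and percent-encode the action and resource path segments (or reject values containing reserved characters) before resolving against `ztsUrl`. The method should also fail closed: if `readEntity` can return null or an entity without `granted` set (not visible in this hunk), treat that as denied rather than dereferencing `result` directly. A short Javadoc stating that the check is evaluated by ZTS for the given principal, not for the client's own identity, would help callers.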